The assessment of smart city information security risk in China based on zGT2FSs and IAA method

The continuous expansion of the construction scale of smart city has reconstructed the urban information pattern. How to maintain the stability of information security while giving full play to the role of information sharing is a practical problem that must be solved for the sustainable development of smart city. Based on the information ecology theory, this paper construct the smart city information security risk evaluation system from six aspects. Then, zGT2FSs is established based on type-2 fuzzy set theory and IAA method, which fully considers the internal and external uncertainty of expert decision-making. According to the calculation results, the key influencing factors of information security risk of smart city are analyzed to provide suggestions and guidance for the formulation of information security control in the process of smart city construction in China.


Materials and methods
zSlice-based general type-2 fuzzy sets (zGT2FSs). Type-1 fuzzy sets (T1 FSs) and Type-2 fuzzy sets (T2 FSs). Classical Logic (represented by Boolean logic) holds that all objects or statements can be represented by binary terms such as 0 or 1, yes or no, black or white 31 . Given the set X , every element in its universe either belongs to the set X completely or does not belong to X at all, and there is no case where part of it belongs to X . However, the semantic concepts used in people's daily communication are often uncertain, and whether an element belongs to a semantic concept is often a gradual process rather than a sudden change, which cannot be simply described by the yes and no 32,33 .
In order to better model semantic concepts, Zadeh 34 put forward fuzzy set theory (as T1 FSs in this paper). Compared with classical logic, T1 FSs can better measure the uncertainty of a single user's understanding of semantic concepts, which is Intra uncertainty. In 1975, Zadah 35 put forward the concept of T2 FSs based on T1 FSs. Compared with T1 FSs, T2 FSs are characterized by 3 dimensional MFs, which in turn making T2 FSs a better ways to solve the high levels of uncertainty 36 . Different Representations of Temperature By Boolean Logic (Classic Logic), T1 FSs and IT2 FSs are shown in Fig. 1.
A T1 FSs can be generalized as as set function on a universe X into [0, 1] . MF can be represented by µ(x) and classic T1 FS can be defined as: www.nature.com/scientificreports/ where X is continues, A can be commonly formalized as: where is union over all x ∈ X. The T2 FSs can be defined as: Or where J x is the primary membership and J x ∈ [0, 1] , µÃ(x, u) is the secondary membership corresponding to each primary membership and 0 ≤ µÃ(x, u) ≤ 1.
Interval Type-2 fuzzy sets (IT2 FSs). Interval Type-2 Fuzzy Sets (IT2 FSs) are simplification forms of T2 FSs which the primary membership is defined as the interval y, y , where y and y represent the different degrees of membership of x in the lower membership function (LMF) and upper membership function (UMF) respectively 30,37 , we give a sample of membership function of IT2 FSs in Fig. 2   www.nature.com/scientificreports/ the secondary membership as Vertical Slice. Since this method is intuitive and easy to understand, it has been widely popularized and applied 39,40 . The vertical slice based on T2 FSs in the universe X can be expressed as: On the basis of vertical slice, scholars put forward wavy slices 41 , computational geometry approach 42 and other methods 43 .
A zSlice is formed by slicing a general type-2 fuzzy set in the third dimension (z) at level z i , creating an interval set with height z i in the third dimension (as Fig. 3). A zSlice Z i can be expressed as:

Or
Or where z i = i/I,1 ≤ i ≤ I , the notation I means the the number of zSlices. In Eq. (11), a zSlice Z i is equal to a T2 FSs which membership grade µZ i (x,u) in the third dimension equal z i ,0 ≤ z i ≤ 1. Specially, when z = 0, A general T2 FS F is equal to the collection of zSlices: In a discrete situation, Eq. (15) can also be written as: The MF µG x ′ of the zSlice based general type-2 fuzzy set (zGT2FSs)F can be written as: Interval agreement approach (IAA). The academic method research on modeling survey based data using T2 FSs such as the interval approach (IA) 44 and enhanced interval approach (EIA) 45,46 has made a lot of progress, but these methods require data preprocessing and specific FSs forms, which makes it difficult for cal-   48 proposed a new approach about how uncertain intervals (where there is uncertainty about the endpoints of intervals) collected from decision-makers or multiple survey participants over repeated surveys can be modeled using type-1, interval type-2, or general type-2 FSs based on zSlices, named interval agreement approach (IAA). This method captures and models survey-based uncertainty requiring no data preprocessing and the prior definition of a specified MT type 49 . IAA method can effectively reduce the quantity and degree of assumptions. In addition, this method constructs nonparametric model based on interval data without determining the specific type of FSs (such as Gaussian and Triangular) 50,51 . At same times it can greatly diminish the loss of information when reduce the higher ordered model 52 .
In this paper, we focus on modeling more uncertainty intervals from multiple sources, therefore, we only explain the principle in that case. And it is worth note that we claim all methods were carried out in accordance with relevant guidelines and regulations, all experimental protocols were approved by the Academic Ethics Committee of Qingdao University of Technology, Academic Committee of Qingdao University of Technology, informed consent was obtained from all subjects and/or their legal guardians. IAA method is conducted by following steps.
Step 1. Generate the IT2 FSs for each source.
where y i = i N . And it is worth noting that we employ Eq. (18) independently for all outer and inner endpoints, create the UMF and LMF of IT2 FSs model.
Step 2. Aggregate IT2 FSs to create a zGT2 FS.
where z i = i N . In this step, Eq. (19) is applied twice to get all source-specific UMFs and LMFs resulting in the UMFs and LMFs of respective zSlices.
The steps above create zGT2FS that provides a model of both intra and inter uncertainty for the given set of uncertain intervals.

Case study
Problem description. The application of emerging technologies in the construction of smart city fully integrates data resources and changes the information pattern of cities, leading to significant changes in the connotation and conformation of information security of smart city, bringing about a multi-faceted impact on information security (Fig. 4). Information security is the foundation of smart city construction and the guarantee of healthy development of it, hence the significance for the information security risk evaluation to ensure sustainable development. In China, promote the construction of new smart city has become the strategic direction of China's urban development 53 . With the gradual deepening of smart city construction, the issue of information security has become an increasingly prominent focus 54 . Information security is the foundation of smart city construction and the guarantee of healthy development of smart city 55 , which plays a vital role in smart city system and even national and social stability.
The problem faced by the decision makers in China's smart city project is to prioritize the dimensions and application areas separately so that project resources are allocated according to the importance and urgency of the each application area and the dimension related with it. The application of the smart city concept is www.nature.com/scientificreports/ conceptualized as a MCDM problem and IAA approach with zSlice type-2 fuzzy sets is utilized to solve this problem.
Smart city information security risk evaluation indicator system. In 1869, Haeckel 56 put forward the concept of ecology for the first time, he stated that ecology is the whole relationship between animals, organic and inorganic environments. Ecology developed rapidly and penetrated into many disciplines after that [57][58][59][60][61] . Information ecology is a new subject research field which emerged from the intersection of information science and ecology, existing studies have confirmed the applicability of information ecology theory in information security system [62][63][64] . Smart city is a typical information ecosystem which covers many elements such as people, information, technology and institutions. Based on the information ecology theory, we investigate the elements of smart city information ecosystem and existing security risks, comprehensively analyze the characteristics of information security risks in smart city according to the roles and influences among the elements and construct the evaluation indicator system. Through analyzing the literature in recent 10 years and screening the indicators (details at ESM Appendix I), the evaluation indicator system of information security risk assessment is shown in Fig. 5. www.nature.com/scientificreports/ Experimental results. Aiming at the information security risk evaluation of smart city, four experts were selected from different organizations for interview research. The purpose of this study is to provide decisionmaking reference for professionals who are responsible for information security risks in smart city. Therefore, we do not cover all stakeholders of information security risks in smart city in an all-round way, but give priority to the opinions of the implementation and decision-makers who have a say in the project. The four experts selected in this paper have more than 10 years of relevant experience in their specific fields in smart city and have decision-making ability in their organizations. According to IAA, in order to capture uncertainty during data collection, the survey design in which experts can express their uncertainty about a given response by specifying an interval, rather than specifying or choosing a crisp point such as on Likert scale. Each decision-makers is asked to provide a variance in each decision which can be interpreted as the uncertainty of in their answers. In this method, experts' certainty in their view denoted by the width of the interval, a narrow interval indicates that experts are sure about their answer, a wider interval means that they are less certain (as Fig. 6).
In this paper, three repeated questionnaires were conducted for four experts at different 3 times. The contents of the questionnaires were the same, and a total of 12 questionnaire results were obtained, based on which the internal and external uncertainties in the expert decision-making process were measured. Each pair of intervals is calculated according: where p is the resulting pair of intervals, u is the uncertainty value, and [a, b] is an expert's opinion.
In order to show the above decision-making process more intuitively, the ellipse drawn by experts from one of the surveys is summarized in digital form as shown in Table 1.
Next, calculate the intervals according to Eq. (20), the results are showed as Table 2. Using Eq. (18) with the above intervals (detailed calculations can be found in ESM Appendix II, (2)), results in It is worth noting that the notation µ Ã means the UMF and µ Ã means the LMF which together completely describe the IT2 FS Ã for expert A.
After complete generating the IT2 FSs, we proceed to step 2 to create a zGT2 FS that can representing the intra and inter uncertainty. According to "Materials and methods", the secondary membership domain is divided into 4 levels, at membership degrees of 0.25, 0.5, 0.75 and 1, also can be express as Z 1 = 1/4 = 0.25 , Z 2 = 2/4 = 0.5 ,   (24) and (25) give the details of Z 1 which are calculated using Eq. (19), and a more detailed view of the calculations can be found in ESM Appendix II.    Figure 7 shows the IT2 FSs created for each of the experts over the www.nature.com/scientificreports/ three surveys, Fig. 8 shows the zSlices at the respective secondary membership degrees (zLevels) of 0.25, 0.5, 0.75, and 1. Repeat the above steps to obtain zGT2FSs corresponding to 18 indicators. The calculation results are summarized in Table 3. Thus, the indicator weights are showed in Table 4.
In order to verify the superiority of the IAA model, we conducted a comparison experiment of EIA and IA method use the same data of the 4 experts above according 44 and 45 , results are shown directly as Fig. 9.
A direct comparison was showed above, it is apparent that the shape of the sets generated by three models have similarity, illustrates the effectiveness of the IAA method in evaluation. EIA and IA are two classic method of T2-fuzzistics methodology to obtain IT2 FS models that have already proved by many researches about their practical and validity [65][66][67][68][69] . Through above analysis, it can be known that IAA method models the intra-uncertainty in the primary membership, inter-uncertainty in the FOU, while EIA/IA method models the intra-uncertainty in the FOU, and do not capture the interval endpoints uncertainty. Next, the overall results demonstrate superiority of IAA when measuring different types of uncertainty (both inter and intra). EIA/IA combine both intra and inter-uncertainty in the triangular IT2 FS, different from the IAA using secondary membership to capture uncertainty across 4 experts, enable the capturing of both crisp and uncertain intervals, minimizing any loss of information and any assumptions. Therefore, we summarize the different characteristics of the three methods and the superiority od IAA as: (1) if the decision come from a single source, which is, the intervals are crisp, IAA generates T1FS while IA produce IT2 FSs to measure intra-uncertainty based on single or repeated surveys; (2) if decisions come from multiple sources, which is, the intervals are crisp, IAA generates zGT2 FS to measure intra and inter uncertainty using primary and secondary membership while IA and EIA produce IT2 FS combining both types of uncertainty; Table 3. zSlice details with intervals and associated primary and secondary membership. www.nature.com/scientificreports/ (3) the IAA approach enables the capturing and modeling of uncertain intervals which is currently not directly possible with the IA/EIA approaches.

Results and discussion
Based on the analysis results, the top 5 critical factors of smart city information security risk are: Data Encryption and Recovery (0.0774), Failure Rate of Software and Hardware (0.0700), Practitioner Intelligence Level (0.0698), Maturity of Smart City Application System (0.0673), Access Control and Identity Authentication (0.0659). From the results we deduct from the survey above, it can be seen that there are 2 index from the top 5 most important factors belong to the same category which is information security assurance (0.1989). And the rest of categories can be ranked by importance as information infrastructure (0.1799), information security personnel (0.1720), information technology (0.1647), information security environment (0.1594) and information management (0.1250). As the operations results show the rules and characters in the field of smart city information security, the policy orientation in the real world is also in agreement with it (we would give samples of those situation and cases in next paragraph), which prove that the methodology proposed in this paper can be used to analysis smart city information security during the government scientific decision-making process by giving the stakeholders a importance ranking reference, as they can use in relevant invest or policy-making programs.
In the context of the normalization of epidemic prevention and control, a large amount of data has been made publicly available to national research organizations in order to enhance epidemic traceability and prediction, leading to a significant increase in the difficulty of data encryption and recovery processing. Meanwhile, in the field of software and hardware, Huawei established the most stringent routing WIFI testing laboratory in Wuhan, 2019, gradually expanding its global market share through self-developed technology, and further enhancing China's global IT industry position. Further more, as the construction of smart cities continues, the construction of a new smart city puts forward higher requirements for the technological innovation and concept change of www.nature.com/scientificreports/ smart city practitioners, with a view to realizing the integration of smart city with financial technology, urban and rural planning, emergency decision-making and other fields. After Equifax and Alteryx data breaches, the need for authentication to protect privacy is increasing. The Chinese native open source server operating systems represented by Kylin focus on enhancing identity authentication, executing control mechanism and security audit 70 , but compared to the high level of security and reliability as it claimed, Kylin also faces problems like physical memory limits, unknown error occurred after resetting metadata 71 , etc. In general, the development of China's smart city information security technology has achieved certain results, but still face many challenges. A large amount of foreign technologies and achievements have been applied in the core construction of China's smart city, bringing certain supply chain risks. In addition, with the world's urban development focusing on carbon emission and carbon neutrality, the construction and development of smart city have increased the strategic direction of reducing carbon emission, which puts forward new requirements for scientific and technological innovation and application. With the public attaching importance to the safety and sustainability of urban construction, the development of smart city in China should actively integrate social resources, strengthen technology R&D and promotion, truly realize the autonomy and controllability of core technology, and the refinement and intelligence of urban governance.
Based on the above analysis, we proposed the following strategy suggestions.
(1) Strengthen the top-level design of information security in smart city. Government departments should conduct overall coordination from the top-level design, formulate all-round information security strategies, policies, plans and schemes, establish and improve the information security management mechanism of smart city, to avoid overlapping or blank areas of the functions of participating departments.
(2) Build the smart city information security framework system. Combine the results from this paper above, optimizing access control is the focus and difficulty of managing information security risks in smart cities. In the application of smart city data, government should strengthen the security of the operating system, realize access control and hardware security through identity authentication technology and cloud storage security technology, to ensure the stability of the security system.
(3) Improve the smart city information security evaluation mechanism. Security assessment can help the government and relevant departments effectively analyze system risks, master system security status, make scientific decisions, and improve the level of information security. Combined with the research of this paper, the government should fully consider the information uncertainty in decision-making, and comprehensively improve the information security evaluation mechanism of smart city from assets, threats, vulnerability and security measures.

Conclusion
In this study, we discuss smart city information security risk prioritization problems using zGT2FSs and IAA method from the point of view of solving the problem of information loss in multi-criteria decision making. The results show that data encryption and recovery is the most critical factor affecting the smart city information security risk, and IAA method has apparently better ability to represent multidimensional uncertainty compared with EIA and IA. In the context of the normalization of COVID-19 prevention and control, it is very urgent to manage and protect a large number of data resources. As the operations results show the rules and characters in the field of smart city information security, the policy orientation in the real world is also in agreement with it, we suggest IAA method is very useful for capturing interval-based (survey) data and uncertainty information in fuzzy sets models by minimizing any assumptions or loss of information, which can supports crisp or uncertain intervals setting from multiple sources captured over different surveys. Compared with other MCDM methods such as VIKOR, TOPSIS, UAT etc., the IT2FSs & IAA method is also more realistic and easier to comprehend and implement. However, there are still some deficiencies in this paper. Firstly, we only adopt 4 experts in this paper for case study, although there are advantages such as adequacy of the small number of decision makers and ease of application, limited to the computing complexity of high-class fuzzy logic system, the sample size is not big enough to a certain extent. Secondly, we have not proposed a practical case study from one or some smart cities in China as samples due to the general model data set limitation. In the future, we would aim to adopt reduct algorithms and machine learning to optimization computing process, enlarge the group number of experts, and we are also working on explore practical applications focusing on conducting a web-or mobile-app-based data collection exercise, which will expand the IAA method to access more representative data and evaluate the proposed approach in real-world contexts.